At Ava we have a number of automated systems which scan our code to detect the use of third party libraries and detect any vulnerabilities which they could introduce, such as the Log4Shell exploit.
Ava’s Product Security Incident Response Team (PSIRT) and Internal Blue Teams have launched an internal investigation into the impact of this vulnerability across our products, services, and internal business tools.
Here at Ava we take security very seriously as a ISO 27001 certified company. We have strong internal security controls and processes to ensure the security of customer data even in the event of a vulnerability in third party software.
We are continually reviewing our internal systems and can confirm the status of the below:
- Reveal Infrastructure: Our use of secure defaults within the JVM already provides mitigations against this exploit. Please contact your support representative for more information about your deployment.
- Reveal Cloud: As of Thursday 16th December this issue has been mitigated on both US and EU cloud instances.
- Reveal Agent: all versions - NOT Impacted
- Ava Aware:
- All Stable versions - NOT Impacted
- All Beta versions - NOT Impacted
- Ava Cameras:
- All Stable versions - NOT Impacted
- All Beta versions - NOT Impacted
- Ava Aware Mobile Apps (IOS + Android) - all versions - NOT Impacted
- Ava Cloud (DMP) - NOT Impacted
- Reveal MSSP - - NOT Impacted
We have reviewed our internal logs and have been unable to find any indication of compromise.
We are actively monitoring and reviewing our internal systems and will publish a full security advisory to our support portal once these investigations have concluded.
If you have any further questions please contact the Ava Security team.
Last Updated: 2021-12-20T16:30:00
